March 30, 2006

CMS Logbook 3: Users and multiple roles in an application

In an application, when users are members of more than one role, some complications arise, such as:
  1. What is the user's default role when logged in? For example, if the application customizes the user interface according to role, which role will be picked?
  2. If a user has an authorization grant for one role and a deny for another, which will be taken into account?

For question 1, I think that a default role should be given to every user, and this should be used for view customization. For an ASP.NET 2.0 application this could be stored in the user profile.

For question 2, I plan to take this approach: if a user has at least one grant for an operation, then that is sufficient for authorization.
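
The two rules above, modelled as an added example that is not code from the original post; the role names, operations, users and function names are all constructed for illustration. It goes slightly beyond the post by including a deny-overrides resolver for comparison and a helper that lists operations where a user's roles disagree, since under the "one grant is enough" rule a deny on one role has no effect when another role grants.

```python
from enum import Enum

class Effect(Enum):
    GRANT = "grant"
    DENY = "deny"

# Constructed sample data: explicit per-role rules (hypothetical names).
ROLE_RULES = {
    "editor":    {"article.edit": Effect.GRANT, "article.publish": Effect.DENY},
    "publisher": {"article.publish": Effect.GRANT},
    "trainee":   {"article.delete": Effect.DENY},
}

# Constructed users: role memberships plus the default role kept in the profile.
USERS = {
    "alice": {"roles": ["editor", "publisher"], "default_role": "editor"},
    "bob":   {"roles": ["editor", "trainee"], "default_role": "trainee"},
}

def effects_for(user, operation):
    """Collect every explicit rule the user's roles carry for this operation."""
    return [ROLE_RULES[role][operation]
            for role in USERS[user]["roles"]
            if operation in ROLE_RULES.get(role, {})]

def is_authorized(user, operation):
    """Rule for question 2: at least one grant is sufficient.
    No rule at all means no grant, so the answer is False."""
    return Effect.GRANT in effects_for(user, operation)

def is_authorized_deny_overrides(user, operation):
    """Comparison only (not the post's choice): any deny vetoes the grants."""
    effects = effects_for(user, operation)
    return Effect.GRANT in effects and Effect.DENY not in effects

def view_role(user):
    """Rule for question 1: the stored default role drives the UI only.
    A stored default the user no longer belongs to is rejected."""
    profile = USERS[user]
    if profile["default_role"] not in profile["roles"]:
        raise ValueError("default role is not one of the user's roles")
    return profile["default_role"]

def conflicts(user):
    """Operations where one role grants and another denies; worth auditing."""
    ops = {op for role in USERS[user]["roles"] for op in ROLE_RULES.get(role, {})}
    return sorted(op for op in ops
                  if {Effect.GRANT, Effect.DENY} <= set(effects_for(user, op)))
```

Note that `view_role` only selects the interface; authorization still considers every role the user holds, so a user whose default role is `trainee` keeps the grants of their other roles.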
